feat: add packages from flake
parent
3fc3cf84b1
commit
e7ba863c59
8 changed files with 275 additions and 3 deletions
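--- /dev/null
+++ b/modules/reposilite.nix
@@ -0,0 +1,79 @@
+self: {
+lib,
+config,
+pkgs,
+...
+}: let
+cfg = config.services.reposilite;
+
+inherit (pkgs.stdenv.hostPlatform) system;
+
+inherit
+(lib)
+getExe
+literalExpression
+mdDoc
+mkDefault
+mkEnableOption
+mkIf
+mkOption
+mkPackageOption
+types
+;
+in {
+options.services.reposilite = {
+enable = mkEnableOption "reposilite";
+package = mkPackageOption self.packages.${system} "reposilite" {};
+environmentFile = mkOption {
+description = mdDoc ''
+Environment file as defined in {manpage}`systemd.exec(5)`
+'';
+type = types.nullOr types.path;
+default = null;
+example = literalExpression ''
+"/run/agenix.d/1/reposilite"
+'';
+};
+};
+
+config = mkIf cfg.enable {
+users = {
+users.reposilite = {
+isSystemUser = true;
+group = "reposilite";
+};
+
+groups.reposilite = {};
+};
+
+systemd.services."reposilite" = {
+enable = true;
+wantedBy = mkDefault ["multi-user.target"];
+after = mkDefault ["network.target"];
+script = ''
+${getExe cfg.package}
+'';
+
+serviceConfig = {
+Type = "simple";
+Restart = "always";
+
+EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
+
+StateDirectory = "reposilite";
+StateDirectoryMode = "0700";
+WorkingDirectory = "/var/lib/reposilite";
+
+User = "reposilite";
+Group = "reposilite";
+
+LimitNOFILE = "1048576";
+PrivateTmp = true;
+PrivateDevices = true;
+ProtectHome = true;
+ProtectSystem = "strict";
+AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+};
+};
+};
+}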
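Review bot: In `serviceConfig`, `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` is granted unconditionally and nothing bounds the capability set or explicitly blocks privilege gain through setuid binaries, so the unit is looser than the neighbouring `Protect*` settings suggest. I would add `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";` and `NoNewPrivileges = true;` beside it. If the service only listens on an unprivileged port, the ambient capability can be dropped entirely; the module sets no port, so confirm this first. Separately, the `environmentFile` description should note that the file presumably carries secrets (the example points at an agenix path) and must be given as a string to a runtime location, because a path literal inside a flake resolves into the world-readable Nix store. Something like `Path to an environment file with secrets, read at service start; pass a string outside the Nix store, not a path literal.` would cover it.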